Canonical’s offerings on Azure

Ubuntu images

Canonical produces a wide variety of Ubuntu images to support numerous features found on Azure.

  • Server images are general-purpose images customized for Azure Virtual Machines. These images are also available with Ubuntu Pro enabled.

  • Minimal images are designed for automated deployment at scale with a reduced default package set. Things like interactive usage tools are omitted. They are much smaller, boot faster, and require fewer security updates over time due to the fewer installed packages. These images are also available with Ubuntu Pro enabled.

  • Confidential Virtual Machine (CVM) images provide enhanced security features designed to protect data at rest, in use, and during boot. CVM images are intended for use with Azure’s confidential computing capabilities using hardware-enabled security features. These images are also available with Ubuntu Pro enabled.

  • GB200-Compatible Server images are optimized for AI and designed to run on NVIDIA GB200 hardware. These images are also available with Ubuntu Pro enabled.

  • Ubuntu Pro images are premium images that include comprehensive security coverage for at least ten years, kernel Livepatch service, and optional 24/7 enterprise-grade support. Additional Pro entitlements such as FIPS-certified modules and the Ubuntu Security Guide are also available to install.

  • Ubuntu Pro FIPS images are built on Ubuntu Pro, but with the FIPS-certified modules pre-installed so that they are used from the first boot of the image. Intended for high-security or government usage.

  • Ubuntu Pro Minimal CIS images are built on Ubuntu Pro and are CIS-hardened with a minimal footprint to maximize security. These images are available with CIS Level 1 or CIS Level 2 hardening.

The availability of each of these images and the means to find them on Azure is described in the Find Ubuntu images page.

Optimizations for Azure

Integration with Azure systems

Ubuntu on Azure cloud integrates with the Systems Manager, ensuring that system management tools work natively for instances on the platform. This includes everything from Azure Update Manager and Security Center, to Azure Policy, to using Azure AD to manage your SSH logins. A number of Microsoft products are built on Ubuntu, such as Azure Kubernetes Service and Databricks.

Customized kernel

The linux-azure kernel enables accelerated networking for the InfiniBand capable instances, as well as consistent support for the Single Root I/O Virtualization (SR-IOV) on the present hardware, enabling network traffic to bypass the virtualization stack and achieve almost native performance. It comes with FPGA support out of the box, taking advantage of Project Catapult to provide performance without the cost and complexity of a custom ASIC.

Kernel variants

In addition to the default linux-azure kernel on Azure, Canonical produces kernel variants:

  • linux-azure-fde: Enables support for Azure Confidential Compute and is installed in Ubuntu CVM images.

  • linux-azure-nvidia: The kernel for GB200-Compatible Server images to enable support for NVIDIA GB200 hardware.

  • linux-azure-fips: The FIPS-compliant kernel for Ubuntu images on Azure. Installed in Ubuntu Pro FIPS images.

Collaborative Optimizations

  1. Anbox on Azure, that allows users to run Android apps on Azure at scale

  2. Collaboration with Azure’s AKS team to support the Azure Kubernetes worker node image, as these worker nodes nearly always run Ubuntu

  3. Collaboration with the Azure Guest Patching Service and Update Manager teams to ensure simple security patch management for users

  4. Collaboration with the .Net team on Chiseled .Net images that have a smaller size and security cross-section

  5. Landscape on Azure, for managing your Ubuntu deployments at scale